Doing your homework will enable you to leverage the cost savings and other benefits of cloud computing while managing the risks.
Suppose your project team has just been tasked with building a text-searchable database from 400,000 JPEG images of archived government documents. Each image must first be converted to portable document format (PDF) and then be converted to searchable text via optical character recognition (OCR). The time available for this task? Two weeks, at which time the database will be needed for another project.
Your team does some quick calculations: The PDF and OCR conversions will take about 30 seconds per page. With a single server, that will mean 139 days! With 30 or more servers, the job could be done in five. But 30 servers? How long would it take and how much would it cost to get them and configure them? And how will you dispose of them when the job is done?
Do you incur the outlay and the risk, or simply declare the task infeasible? Or do you search for alternatives—and discover that a commercial cloud-computing solution will let you harness the power of 200 servers and get the job done in 16 hours for about $300?
Promise or Peril?
This scenario, based on actual data, illustrates the tremendous potential of cloud computing to offer efficient, scalable, agile, and innovative solutions at dramatically lower cost. Often described as "IT as a utility," cloud computing is the accessing and delivery of information technology resources and services (software, platforms, and even infrastructure, such as the servers in the above example) via the Internet ("the cloud"), based on a utility-like, "on the meter" acquisition and pricing model.
Rather than make large initial or ongoing capital investments unnecessarily, the cloud enables organizations to use only the computing resources they need and pay only for what they use. A 2011 analysis by the Brookings Institution indicated that migrating federal, state, and local government projects to the cloud generally resulted in cost savings of 25 to 50 percent. Organizations also can accommodate huge fluctuations in computing workload and rapidly evolving demands without scrambling for hardware and software because they can access a seemingly infinite computing capacity and array of technology solutions "in the cloud."
To reap these and other benefits, the federal Office of Management and Budget (OMB) mandated in December 2010 that all federal agencies evaluating options for new IT deployments "default to cloud-based solutions whenever a secure, reliable, cost-effective cloud option exists." Migration to the cloud is key to accelerating OMB's Federal Data Center Consolidation Initiative (FDCCI) to eliminate waste and redundancy, better utilize staff and resources, and lower the government's carbon footprint by eliminating 800 of some 2,000 data centers by 2015.
Significant concerns about cloud computing exist. For many, security is foremost: If the data isn't physically here, then where is it? Who might be able to access it, and how do we assure it is safeguarded? Given federal archiving and data protection requirements, such concerns are important and valid, as are concerns about interoperability and portability. Further, the cloud does not always provide the least costly or most appropriate alternative. Too often, however, cloud technology is ruled out due to issues that are more perceived than real, concerns that could be overcome through research and judicious procurement planning, and sheer resistance to change.
Cutting Through the Fog: Research and Business Analysis
With demands for new technology services accelerating, and IT budgets under increasing pressure, all managers involved in IT decision making must be open to thinking outside the box and prepared to weigh the true benefits and risks of cloud computing. It is important to follow a few essential steps in the process.
Understand the Implications Of Different Deployment Models
The public cloud allows you to minimize costs by sharing virtual resources with any number of organizations and individuals ("multi-tenancy"). But you may sacrifice control over security, governance, and reliability—or find that the certification and accreditation processes you must go through to address these issues negate the potential savings. A private cloud dedicated to your organization gives you tighter control and affords scalability, but at a higher cost and with greater need for internal expertise.
An optimal solution might be afforded by a community cloud, where you and related organizations leverage the same resources and services with consistently implemented standards, or by a hybrid cloud, with a private cloud hosting your core applications and sensitive data and a public cloud handling noncore applications and surges in demand ("cloud bursting"). You must be able to weigh the tradeoffs between models intelligently. For greatest cost-efficiency, look to the public cloud whenever possible—if nothing else, for testing and prototyping.
Clarify Agency Priorities
Potential priorities include cost, data security, compliance, interoperability, speed to provision and deployment, dynamic scalability, collaboration, and flexibility. Map your priorities list to potential cloud features, and identify which of your projects will see the most benefit.
Create a Thorough Checklist
Address all considerations, including contractual and legal and regulatory requirements, early on to prevent costly surprises down the road. See box at right for key points.
Identify First Movers
Great choices for moving to the cloud first include projects with fluctuating resource needs and short-term projects where it is not cost- or time-effective to procure physical resources. Do your homework; learn from other organizations' successes and mistakes with similar project requirements. Run a pilot project that is not mission critical or is standalone, involves little or no sensitive data or customization, and can be implemented with little upgrading of current staff skill sets.
Craft a Sound RFP
Make sure you understand all pricing and service-level agreement terms. Clearly define all regulatory and legal requirements. Ensure that the cloud service can scale to your expected requirements.
Take Advantage of Resources
Build on groundwork laid, best practices identified, and approaches made available by OMB and others. GSA's Apps.gov, for example, allows organizations to access a wealth of cloud IT services applications in accordance with their procurement and other policies and procedures. The National Institute of Standards and Technology recently published guidelines on assuring security and privacy in public cloud computing.
The CIO Council and Chief Acquisition Officers Council, in coordination with the Federal Cloud Compliance Committee, recently published best practices for acquiring IT as a service. In December 2011 the federal CIO introduced the Federal Risk and Authorization Management Program (FedRAMP) to reduce barriers to cloud computing by helping agencies streamline the security and risk assessment process involved. FedRAMP authorizes a standardized, "do once, use many times" approach to security assessment, authorization, and continuous monitoring of cloud systems. Be prepared to leverage these and other cloud computing resources as they become available.
Making the Shift
Moving to the cloud requires a shift of mindset from buying and managing assets to buying and managing services on demand. Depending on an organization's specific needs, training courses on cloud IT for government may be needed.
Cloud computing is not a panacea. It offers too many opportunities to lower operational costs, improve application delivery, and achieve system agility to be dismissed without weighing benefits and risks knowledgeably and carefully. As long as organizations perform a thorough evaluation on their cloud computing needs, potential cloud implementation, and vendors, there is no need to be intimidated by a move to the cloud.
